Crypto-Arbitration

The institutions that mediate trust on the Internet are still in their infancy. The modern Certification Authority is a curious beast. Usually run as a for-profit corporation, the CA issues “certificates” that serve to bind a public key with an identity. The person or organization to whom the certificate is issued (the “subject”) has to prove to the CA that they are the legal owner of the presented identity (which could be a domain name or the actual legal name of a real person) and that they control the private key that corresponds to the given public key. Then, the CA creates a certificate containing the public key, the identity string, and a digital signature made with the CA’s own private key. The subject can then hand out the certificate to others with whom he interacts (“relying parties”) who can independently validate the CA’s signature on the certificate (the public keys of the CAs are presumed to be widely distributed and well-known) and, through a cryptographic key exchange protocol, can verify that the entity with which they are interacting does control the private key corresponding to the public key in the certificate. The relying party can then rest assured that they are dealing with the entity named in the certificate, and can trust the results of any transaction. Right?

Wrong. Verification that the subject is the legal owner of a particular string of characters in no way implies that the subject should be trusted. The ICANN-administered DNS regime does a pretty good job ensuring that domain names are uniquely assigned and resolving trademark disputes, but all sorts of miscreants can and do register domain names and use them to commit fraud. The services of a CA, especially one that merely verifies the ability of a subject to receive e-mail at a specified address, are similarly value-free.

Real trust depends not only on verifying the identity of the contact, but also making a value judgment about the person(s) behind the name string. A history of prior interactions can guide this judgment, but what if such a history doesn’t exist? What if you need to make a decision about whether to read an e-mail sent to you from someone you do not know and have never heard from before? It is here that you need to query a source that you trust about whether the new contact should be trusted—you need to check his reputation.

Online reputation systems based on Internet Protocol address have been around for some time. These are usually lists of IP addresses with a negative reputation, known for generating spam or other unwanted traffic. A recent IETF standard called Vouch-by-Reference would allow for the publication of reputation based on a domain name. A reputation service could use VBR to publish a list of well-behaved domains using whatever criteria it saw fit. Obviously, if the service is to be relied upon in any way by a community of users, it should have policies in place to vet potential listings and ensure that bad-guys aren’t allowed in.

The kinds of value judgments required of such a service are exactly the ones that organizations such as ICANN (which strives to maintain its legitimacy as a global governance organization) and for-profit CAs shy away from. Any definition of abusive behavior that would get a name removed from the good-reputation database is likely to be contentious and highly political. While we’re in the business of making value judgments, we might as well go whole-hog. Here’s a partial list of offenses that would get you kicked off my list, if I were in charge:

Committing fraud, in any of its various incarnations.

Sending unwanted messages.

Disclosing private information of another user to an unauthorized party.

Advocating violence of any form, except in very limited cases of self-defense.

Expressing racist or homophobic opinions.

Questioning my right to kick you off my list.

As you can tell, these rules could get pretty arbitrary. The only important quality is that the rules represent a set of values that is held and respected by the community using the reputation service, and that their application is accepted as just by the community. As they evolve, I expect that reputation services will emerge as venues for settling disputes of all kinds among the members listed there. As an Internet organization with global scope, a reputation service could provide an arbitration forum that crosses national boundaries and that serves as a conscience to the world. By committing himself to arbitration of disputes when joining, a member could even be legally bound by decisions rendered in those nations that have arbitration laws on the books. Even in the absence of such laws, there is one sanction that is certainly always within the power of a reputation service: removal from the list and banishment of any future enrollment. If the service becomes a ubiquitous part of daily life (such as in the conduct of e-commerce transactions of all sorts) banishment could be quite an effective deterrent to bad behavior. A system of justice based on these principles could be the very embodiment of a more libertarian court system similar to the ones espoused by Murray Rothbard.

Arbitration clauses are typical in the subscriber agreements and relying party agreements of most major CAs; however, in the main they are designed to resolve disputes about whether the CA did the job it claims to do: verifying legal ownership of a particular string of characters by the entity controlling the private key corresponding to the public key in the certificate. An interesting exception is the dispute resolution policy of CAcert, a not-for-profit CA based in Australia. It would appear that they bind their subscribers to arbitration of all disputes, not just those involving malpractice by the CA itself. They currently include a liability limit of €1000, but revocation of an issued cert and exclusion from the community would be a more common sanction. CAcert will also issue anonymous certificates that are traceable to the user under the direction of an arbitrator. This is similar in some ways to my Distributed Identity Escrow proposal, although I think more security is provided by distributing the identity linking information instead of centralizing it.

The future is going to be an interesting one. I don’t expect that nation states will react kindly to the emergence of dispute resolution services that offer greater privacy to their users while undercutting the more traditional forms of justice based on the use of force. Time will tell whether the new global institutions will be allowed to take root and bear fruit, or whether the old guard will be successful in suppressing them.